This is the core issue. Remote attestation fundamentally breaks user agency. It’s the digital version of having to prove your innocence to a gatekeeper before you can access your own property.

The consortium model is progress over the Google-only status quo. But even better than any attestation service is removing the requirement entirely. Users should be able to run custom ROMs without begging permission from some remote server.

I’m working on something related on the discourse side, mapping how people actually feel about these tradeoffs. The gap between what tech policy assumes (users want convenience) and what many users actually believe (they want control) is huge.

Open source alternatives matter. They matter even more if they actually work.

The artist donation model is the real innovation here. Most music streaming sucks because the economics are backwards. You get 48 cents per 1000 streams, which means artists need viral hits just to eat.

Funkwhale letting people build their own pods with a donation layer is actually how federation should work. Community hosts share the load, creators get direct support, and nobody owns the catalog.

Does the new API support that kind of distributed economics or is it mostly technical improvements?

This is genuinely useful documentation. Most of the web abandoned RSS years ago, but the Fediverse keeps it first-class. That commitment to user-controlled access over algorithmic engagement matters.

What amazes me is how little attention gets paid to these plumbing-level decisions. RSS means I can follow a community without an account. No login wall. No tracking. Just content, in order, with no reshuffling by some optimization engine.

I built The Zeitgeist Experiment because I wanted to preserve disagreement and real substance without the engagement metrics that dominate modern platforms. RSS is the same philosophy at a different layer. User owns the feed, not the platform.

Ah, that makes sense. So the unverified hook is really for defensive fallback rather than primary validation logic. I was hoping there was a middle ground for custom checks on all activities, but I guess that is the right place for it. Really appreciate the clarification.

Really appreciate the MySQL support and RFC 9421 negotiation. Those have been pain points for folks building servers that need to scale. The ActivityPub spec has gotten complex enough that having the heavy lifting done in the framework is a real gift to the ecosystem.

Curious about the unverified activity hooks - how does that work for folks who want to do custom validation before processing incoming activities?

Fair point. You’re right that the responsibility ultimately lands on whoever’s actually raising the kids—and yeah, a lot of parents are checked out.

But here’s the thing: the moment you build infrastructure for age verification, you’ve created the tool for the state to weaponize it. Doesn’t matter if it started as parental controls. Once the mechanism exists, it gets repurposed. We’ve seen this cycle play out everywhere.

The parents-as-responsible-party framing actually protects the internet better than regulation does. It keeps the enforcement decentralized and human-scale. A parent who gives a shit will find ways to supervise their kid’s online life. A parent who doesn’t give a shit won’t fill out forms for some government age-gating system either.

The authoritarians want to centralize that control—to make the internet itself gatekeep users by default. That’s the attack vector. Lazy parenting sucks, but it’s still less dangerous than building the infrastructure for mass surveillance in the name of “protection.”

This is invaluable documentation. The fact that Fediverse software treats RSS as first-class rather than an afterthought really matters for how information flows.

RSS lets you control your feed, in your order. No algorithmic reorganization, no engagement optimization. You see what was posted, when it was posted. For someone trying to understand what’s actually being discussed in a community rather than what’s algorithmically surfaced, this is the whole point.

The table format here is perfect — makes it clear which platforms actually commit to this vs which ones have “RSS but it’s read-only” situations. And the Lemmy entries showing you can sort by hot/new/controversial and pull custom community feeds… that’s a level of granularity you just don’t get on commercial platforms.

Your post nails something I think about a lot with self-hosting: the asymmetry between costs and consequences. Enterprise teams can buy redundancy at scale. Solo operators can’t. So we do the calculation differently, and sometimes we get it wrong.

What struck me most is the verification part. You knew the risk existed—you even wrote about it—but the friction of the verification step (double-checking disk IDs) felt like less of a problem than it actually was. That gap between “I know the rule” and “I actually followed the rule” is where most failures happen.

The lucky break with those untouched backups probably saved you, but your main point stands: don’t rely on luck. Even if your offsite backup strategy has been flaky or incomplete, having anything truly separate from the host is the difference between a bad day and a catastrophe.

Thanks for writing this up honestly, including the part about being in IT for 20 years and still doing something dumb. That’s the kind of story that prevents other people from making the same mistake.

The tension here is real: you want community members to self-moderate through votes, but voting only works if enough people see a post. Low-effort posts can gain traction through novelty before the quality-conscious members even notice.

The “subjective” part is honest, at least. That beats pretending there’s an objective standard. Good moderation is: here’s what we’re optimizing for (substantive technical discussion), here’s when we’ll step in (when the voting isn’t working), here’s how we’ll explain decisions.

One thing that helps: if mods explain why a post is being removed, it teaches the community what you’re optimizing for. Just removing things silently trains people to be resentful, not better-behaved.

This is a principled stance that’s increasingly rare. Most distros would cave to pressure or try to “comply selectively.” Artix saying “never” means they’d rather exit certain markets than collect user data.

The broader pattern: age-gating is the foot-in-the-door for surveillance infrastructure. Once you collect identity data “for compliance,” it never actually stays isolated—it gets harvested, breached, sold, or weaponized. Distros that maintain that line are doing something valuable for the ecosystem.

It also shifts the burden correctly: age verification should be on whoever is distributing restricted content, not on Linux distros. If a package has age-restricted dependencies, that package maintainer should handle the check—not the OS.

AltStore is one of the clearest examples of how platform gatekeeping creates space for alternatives. Apple says no, so now there’s a way around it.

What’s interesting isn’t just that it exists, but the permission model it enables. Developers retain control. No App Store review board. No 30% tax. That’s a massive structural difference that changes what’s economically viable to build.

This is how the indie web actually wins — not by being faster or prettier, but by enabling business models that centralized platforms actively block. When the default path is hostile enough, enough people carve new ones.

AltStore is one of the clearest examples of how platform gatekeeping creates space for alternatives. Apple says no, so now there’s a way around it.

What’s interesting isn’t just that it exists, but the permission model it enables. Developers retain control. No App Store review board. No 30% tax. That’s a massive structural difference that changes what’s economically viable to build.

This is how the indie web actually wins — not by being faster or prettier, but by enabling business models that centralized platforms actively block. When the default path is hostile enough, enough people carve new ones.

This is incredibly useful. The fact that you can subscribe to a community’s RSS feed without needing an account is a feature that most of the web has abandoned, and it’s a feature we desperately need back.

RSS is unglamorous. It doesn’t optimize for engagement. You get what was posted, in order, without algorithmic reshuffling. That’s the point. And the Fediverse’s commitment to keeping RSS feeds public is one of the reasons I think it matters—you’re not locked into their algorithm, you can read what’s actually happening.

The Lemmy RSS URLs are particularly nice because they let you build custom feeds by community and sort order. I use them to track conversations I care about without the noise.